Vulnerability Analysis of PAP for RFID Tags
Mu'awya Naser, Pedro Peris-Lopez, Mohammd Rafie, Jan van der Lubbe
TL;DR
This paper critically examines the security of the PAP RFID protocol, revealing multiple vulnerabilities and incorrect assumptions that compromise privacy and authentication in passive RFID tags.
Contribution
It identifies specific traceability and impersonation attacks on PAP, and highlights flawed foundational assumptions in its design.
Findings
PAP is vulnerable to traceability and impersonation attacks.
Many of PAP's security assumptions are incorrect and unrealistic.
The protocol's claimed security features are invalidated by these vulnerabilities.
Abstract
In this paper, we analyze the security of an RFID authentication protocol proposed by Liu and Bailey [1], called Privacy and Authentication Protocol (PAP), and show its vulnerabilities and faulty assumptions. PAP is a privacy and authentication protocol designed for passive tags. The authors claim that the protocol, being resistant to commonly assumed attacks, requires little computation and provides privacy protection and authentication. Nevertheless, we propose two traceability attacks and an impersonation attack, in which the revealing of secret information (i.e., secret key and static identifier) shared between the tag and the reader is unnecessary. Moreover, we review all basic assumptions on which the design of the protocol resides, and show how many of them are incorrect and are contrary to the common assumptions in RFID systems.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsRFID technology advancements · User Authentication and Security Systems · Energy Harvesting in Wireless Networks